pkgsrc-changes: CVS commit: [pkgsrc-2005Q3] pkgsrc/www

Subject: CVS commit: [pkgsrc-2005Q3] pkgsrc/www
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 10/19/2005 22:04:48
Module Name:	pkgsrc
Committed By:	salo
Date:		Wed Oct 19 22:04:48 UTC 2005

Modified Files:
	pkgsrc/www/ap-ssl [pkgsrc-2005Q3]: Makefile distinfo
	pkgsrc/www/apache [pkgsrc-2005Q3]: Makefile PLIST distinfo

Log Message:
Pullup ticket 842 - requested by Manuel Bouyer
security update for apache

Revisions pulled up:
- pkgsrc/www/apache/Makefile		1.173
- pkgsrc/www/apache/distinfo		1.47
- pkgsrc/www/apache/PLIST		1.14
- pkgsrc/www/ap-ssl/Makefile		1.92
- pkgsrc/www/ap-ssl/distinfo		1.30

   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Wed Oct 19 20:30:21 UTC 2005

   Modified Files:
   	pkgsrc/www/apache: Makefile distinfo

   Log Message:
   Update to 1.3.34. This is a security fix release, fix pkg/31868 by
   Zafer Aydogan. Changes from 1.3.33:
     *) hsregex: fix potential core dumping on 64 bit machines, such as
        AMD64. bug 31858. [Glenn Strauss < gs-apache-dev gluelogic.com>]

     *) SECURITY: core: If a request contains both Transfer-Encoding and
        Content-Length headers, remove the Content-Length, mitigating some
        HTTP Request Splitting/Spoofing attacks.  This has no impact on
        mod_proxy_http, yet affects any module which supports chunked
        encoding yet fails to prefer T-E: chunked over the Content-Length
        purported value.  [Paul Querna, Joe Orton]

     *) Added TraceEnable [on|off|extended] per-server directive to alter
        the behavior of the TRACE method.  This addresses a flaw in proxy
        conformance to RFC 2616 - previously the proxy server would accept
        a TRACE request body although the RFC prohibited it.  The default
        remains 'TraceEnable on'.
        [William Rowe]

     *) mod_digest: Fix another nonce string calculation issue.
        [Eric Covener]
---
   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Wed Oct 19 20:33:44 UTC 2005

   Modified Files:
   	pkgsrc/www/ap-ssl: Makefile distinfo

   Log Message:
   Update to mod_ssl 2.8.25. The only change is support for apache 1.3.34.
---
   Module Name:		pkgsrc
   Committed By:	bouyer
   Date:		Wed Oct 19 21:42:59 UTC 2005

   Modified Files:
   	pkgsrc/www/apache: PLIST

   Log Message:
   Add missing entry for a new file. Pointed out by Lubomir Sedlacik.
   Close enouth to the package update to not bump pkgrevision.


To generate a diff of this commit:
cvs rdiff -r1.91 -r1.91.2.1 pkgsrc/www/ap-ssl/Makefile
cvs rdiff -r1.29 -r1.29.2.1 pkgsrc/www/ap-ssl/distinfo
cvs rdiff -r1.171 -r1.171.2.1 pkgsrc/www/apache/Makefile
cvs rdiff -r1.13 -r1.13.4.1 pkgsrc/www/apache/PLIST
cvs rdiff -r1.46 -r1.46.2.1 pkgsrc/www/apache/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.